内部微服务请求在Spring Cloud应用程序中以禁止状态响应
[英]inter micro-service request responds with Forbidden status in spring cloud application
问题描述
I am investigating microservice architecture. 
我正在研究微服务架构。 I chose the spring cloud framework. 我选择了Spring Cloud Framework。
My application shema looks like this: 我的应用程序shema看起来像这样:
Also I have discovery server eureka but I decided to skip on the picture to simplify it. 我也有发现服务器eureka,但我决定跳过图片以简化它。
Full source code of example you can find on githib: https://github.com/gredwhite/spring-cloud 您可以在githib上找到示例的完整源代码: https : //github.com/gredwhite/spring-cloud
Problem explanation: 问题说明:
hello world service: 你好世界服务:
@GetMapping("/helloWorld")
@HystrixCommand(fallbackMethod = "reliable")
public String hello() {
return this.restTemplate.getForObject("http://hello-service/hello?name=World", String.class);
}
hello service: 您好服务:
@GetMapping("/hello")
public String hello(@RequestParam("name") String name) throws UnknownHostException, InterruptedException {
return "Hello " + name + "!";
}
When I started the hello service and try to access localhost:8082/h/hello?name=Vasya ( /h - context path) - request happens successfully and I see Hello Vasya mesage in the response. 当我启动hello service并尝试访问localhost:8082/h/hello?name=Vasya ( /h上下文路径)时,请求成功完成,并且在响应中看到Hello Vasya Vasya消息。 I need to say that authentication is disabled for that service. 我需要说的是,该服务已禁用身份验证。
hello world service has index.html page and when I try to acces it - auth flow happens successfully and eventually this application log in successfully. hello world service有index.html页,当我尝试访问它时-身份验证流成功发生,最终该应用程序成功登录。 Then I try to execute method /hello from the hello world service and I see response: 然后,我尝试从hello world service执行方法/hello ,然后看到响应:
{"timestamp":"2018-05-17T08:53:04.623+0000","status":403,"error":"Forbidden","message":"Forbidden","path":"/hw/helloWorld"}
Oauth2 configuration: Oauth2配置:
hello world service 你好世界服务
@SpringBootApplication
@EnableEurekaClient
@RibbonClient(name = "say-hello")
@EnableAutoConfiguration
@EnableOAuth2Sso
public class HelloWorldStarter {
public static void main(String[] args) {
SpringApplication.run(HelloWorldStarter.class, args);
}
@RestController
@EnableDiscoveryClient
@EnableCircuitBreaker
public static class HelloWorldController {
@Autowired
private RestTemplate restTemplate;
@Autowired
private DiscoveryClient discoveryClient;
@GetMapping("/helloWorld")
@HystrixCommand(fallbackMethod = "reliable")
public String hello() {
return this.restTemplate.getForObject("http://hello-service/hello?name=World", String.class);
}
public String reliable() {
return "Could not get response from service";
}
}
@org.springframework.context.annotation.Configuration
public static class Configuration {
@Bean
@LoadBalanced
RestTemplate restTemplate() {
return new RestTemplate();
}
}
}
application.yml: application.yml:
spring:
application:
name: hello-world-service
server:
port: 8081
servlet:
context-path: /hw
eureka:
client:
serviceUrl:
defaultZone: http://localhost:8761/eureka
instance:
preferIpAddress: true
security:
oauth2:
client:
client-id: acme
client-secret: acmesecret
access-token-uri: http://localhost:8080/oauth/token
user-authorization-uri: http://localhost:8080/oauth/authorize
resource:
user-info-uri: http://localhost:8080/me
logging:
level:
org.springframework.security: DEBUG
org.springframework.web: DEBUG
Questions 问题
- How can I fix this problem? 我该如何解决这个问题?
- After previous point fix I want to know how to execute authorized request to that service. 在先前的点修复之后,我想知道如何执行对该服务的授权请求。 In other words I want to enable oauth 2 authorization on hello service and have possibility to make request from the
hello world service换句话说,我想在hello服务上启用oauth 2授权,并有可能向hello world service发出请求
1 个解决方案
解决方案1
0 2018-05-17 13:10:54
I think you use very strange approach to solve your problem. 我认为您使用非常奇怪的方法来解决您的问题。
I suggest you the following solution: 我建议您以下解决方案:
- Create FeignClient service. 创建FeignClient服务。
@FeignClient(name = "hello-service", url = "http://hello-service") public interface HelloService { @RequestMapping(method = RequestMethod.GET, value = "/hello") String hello(@PathVariable("name") String name); }
- Add oauth2FeignRequestInterceptor into SpringBoot Application class 将oauth2FeignRequestInterceptor添加到SpringBoot Application类中
@Bean public RequestInterceptor oauth2FeignRequestInterceptor() { return new RequestInterceptor() { @Override public void apply(RequestTemplate requestTemplate) { OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) SecurityContextHolder.getContext().getAuthentication().getDetails(); requestTemplate.header("Authorization", "bearer " + details.getTokenValue()); } }; }
- Add several annotation into your SpringBoot Application class 在SpringBoot Application类中添加几个注释
@EnableOAuth2Client @EnableGlobalMethodSecurity(prePostEnabled = true) @EnableFeignClients public class HelloWorldStarter
That's all hope it helps. 都希望能有所帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.